A group of digital activists has shared online nearly 2TB of data from the forensic companies Cellebrite and MSAB, both known for providing tools that break, by brute force, the encryption of cell phones and other mobile devices, particularly iPhones. According to the Enlace Hacktivista website, the first to report what happened, the data was handed over by “an anonymous individual”, and no one knows how it was obtained.
End-to-end encryption bothers authoritarian regimes, and Cellebrite would profit from them
The story goes back to the San Bernardino attack in 2015. The attack, carried out by a couple who lived in the area, left 14 dead and 22 injured. In February 2016, the FBI declared that it was unable to get past the encryption of the iPhone 5c belonging to one of the perpetrators and, in order to gain access to the data, asked Apple to unlock it. The company refused to do so under any circumstance, even at the risk of federal prosecution for obstruction of justice. On March 28, the US government announced that it had managed to unlock the iPhone (there was nothing relevant on it, however) thanks to a tool supplied by “a third party”, initially thought to be Cellebrite. Although in 2021 the company that actually unlocked the device was identified as the Australian firm Azimuth Security, the case put the Israelis in the center of attention. That is because, at the time, Cellebrite used the episode to promote its cell phone unlocking tools, covering iPhones and Android devices from any manufacturer, and to offer its services and kits to governments and law enforcement officials, in principle for criminal investigations. Of course, it did not take long for the company to be accused of facilitating the surveillance and harassment of activists, journalists and dissidents, given that its clients included the governments of Russia, Venezuela and China, death squads in Bangladesh, the military junta in Myanmar, and the governments of Saudi Arabia, Iran, Belarus, Azerbaijan and Turkey, among others. Cellebrite’s solutions have also been used in Brazil: in 2021, the Civil Police of Rio de Janeiro used the Israeli company’s tools to recover deleted data from the cell phone of one of those involved in the Henry Borel case.
Over the years, Cellebrite has collected enemies, including Apple and Google, as both constantly update their systems to become immune to encryption-cracking tools, something governments in general are not very fond of. In another episode, when the Israelis announced that they had broken Signal’s protection, the CEO of the messaging app responded by announcing that he had broken into the adversary’s software, using a kit that allegedly “fell off a truck”.
The kit that Cellebrite “lost” (Credit: Moxie Marlinspike/Signal)
Of course, Cellebrite is not the only forensics company offering cell phone encryption-cracking services to those who can afford them. The Swedish MSAB, also accused of selling its services to countries like Myanmar, is likewise criticized by groups that defend digital rights and freedom of expression on the internet. Both were reportedly the target of an unidentified hacker, who managed to collect 1.7 TB of data from Cellebrite and 103 GB from MSAB. These were passed on to the sites Enlace Hacktivista and DDoSecrets, which made them available for anyone to download, via direct download or torrent. The files contain all of Cellebrite’s encryption-cracking solutions, such as its flagship UFED, and others such as Physical Analyzer (basic and Ultra versions), Cellebrite Reader, and licensing tools. There are also technical guides and training files used to teach how to use the software and the physical tools. The leaked files also include internal documents dealing with customers of both companies, dated between November 19 and December 3, 2022, possibly the period in which the original hacker had access to the information. This indicates that this was not a leak but an intrusion into the systems of both forensic companies. According to an analysis of the data, sensitive customer information was not accessed and is not found in the download packages; Cellebrite’s and MSAB’s systems are not critically affected and are operating normally. It is quite possible that the folks at Cellebrite are like this right now:
It went bad, Cellebrite (Credit: Reproduction/Brandywine Productions/20th Century Studios/Disney)
Even though both Cellebrite and MSAB are racing to strengthen their software defenses, it is a fact that Pandora’s box has been opened: their software, until now strictly restricted to governments, authorities and people with a lot of money, whatever their nature, is now a click away from anyone. Hackers and activists will reverse engineer and scrutinize the software code, from top to bottom, in order to offer countermeasures to those who really need to protect the data on their cell phones, not to mention that Tim Cook and Sundar Pichai must be laughing a lot right now while their software engineers pick the programs apart to fortify the defenses of iOS, iPadOS and Android. Moreover, Cellebrite can no longer boast of being the company capable of “breaking the defenses of any cell phone that exists”, and now has to enter a game of cat and mouse against Apple and Google, hacktivists and various third-party companies that will not allow their users’ data to be snooped on in the future.
Source: DDoSecrets